22 matches found
EUVD-2018-1879
Malware in sbrugna...
EUVD-2016-7423
Malware in sbrugna...
EUVD-2023-46941
Malicious code in bioql PyPI...
EUVD-2022-15690
Malicious code in bioql PyPI...
EUVD-2023-47095
Malicious code in bioql PyPI...
EUVD-2024-27203
Malicious code in bioql PyPI...
EUVD-2024-47902
Malicious code in bioql PyPI...
CVE-2024-3505
JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments...
CVE-2018-1000623
JFrog Artifactory prior to version 6.0.3, since version 4.0.0, contains a Directory Traversal vulnerability in the "Import Repository from Zip" feature, available through the Admin menu - Import & Export - Repositories, which triggers a vulnerable UI REST endpoint /ui/artifactimport/upload...
BIT-ARTIFACTORY-2024-3505
JFrog Artifactory Self-Hosted versions below 7.77.3 are vulnerable to sensitive information disclosure whereby a low-privileged authenticated user can read the proxy configuration. This does not affect JFrog cloud deployments...
Vulnerability fixed in JFrog Artifactory
JFrog has fixed a vulnerability in Artifactory. A malicious party could exploit the vulnerability to launch a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrary code in the victim's browser, or access to sensitive data in the context of the victim's browser. JFrog...
CVE-2023-42661
JFrog Artifactory prior to version 7.76.2 is vulnerable to Arbitrary File Write of untrusted data, which may lead to DoS or Remote Code Execution when a specially crafted series of requests is sent by an authenticated user. This is due to insufficient validation of artifacts...
CVE-2023-42509
JFrog Artifactory later than version 7.17.4 but prior to version 7.77.0 is vulnerable to an issue whereby a sequence of improperly handled exceptions in repository configuration initialization steps may lead to exposure of sensitive data...
CVE-2023-42662
JFrog Artifactory versions 7.59 and above, but below 7.59.18, 7.63.18, 7.68.19, 7.71.8 are vulnerable to an issue whereby user interaction with specially crafted URLs could lead to exposure of user access tokens due to improper handling of the CLI / IDE browser based SSO integration...
The vulnerability of the Artifactory platform for developing and delivering Docker Desktop container applications allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Artifactory platform for developing and delivering Docker container applications is related to the transmission of registry data in an open format due to the use of HTTP instead of HTTPS protocols. Exploiting this vulnerability can allow a malicious actor to gain...
JFrog Artifactory security vulnerability
JFrog Artifactory is an open source, general-purpose Artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries, and provides an end-to-end automation solution for tracking artifacts from development to production. A security vulnerability...
PT-2022-9369 · Jfrog · Jfrog Artifactory
Name of the Vulnerable Software and Affected Versions: JFrog Artifactory versions prior to 7.33.6; JFrog Artifactory versions prior to 6.23.38. Description: The issue affects JFrog Artifactory, making it vulnerable to Cross-Site Request Forgery (CSRF) for specific endpoints. Recommendations: For...
JFrog Artifactory security vulnerability
JFrog Artifactory is an open source, general-purpose Artifact repository manager from Israel's JFrog that supports clustering and high-availability Docker registries, and provides an end-to-end solution for automating the tracking of artifacts from development to production. A security...
CVE-2022-0573
JFrog Artifactory before 7.36.1 and 6.23.41 is vulnerable to Insecure Deserialization of untrusted data, which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low-privileged authenticated user due to insufficient validation of a...
CVE-2021-45074
JFrog Artifactory before 7.29.3 and 6.23.38 is vulnerable to Broken Access Control: a low-privileged user is able to delete other known users' OAuth token, which will force a reauthentication on an active session or in the next UI session...